Real-time threat correlation with Wazuh and OpenCTI

Real-time threat correlation with Wazuh and OpenCTI

Post icon
/ Engineering
By

Modern security operations need deep visibility into endpoints, networks, and cloud workloads, combined with actionable, real‑time intelligence about active threats and adversaries. Without this context, security teams struggle to distinguish high‑priority threats from benign events and low‑value alerts, slowing down investigations and increasing attacker dwell time. Wazuh provides unified visibility and threat detection across your […]

Read more
Defending against the RoguePlanet vulnerability with Wazuh

Defending against the RoguePlanet vulnerability with Wazuh

Post icon
/ Engineering
By

Microsoft Defender is one of the most widely deployed security solutions, shipping out of the box with Windows 10, Windows 11, and Windows Server releases. A newly disclosed zero-day vulnerability, known as RoguePlanet (tracked as CVE-2026-50656), affects how Microsoft Defender handles specific file operations during malware remediation. Successful exploitation can allow an attacker with access […]

Read more
Detecting Stratus Red Team adversary emulation on Microsoft Azure with Wazuh

Detecting Stratus Red Team adversary emulation on Microsoft Azure with Wazuh

Post icon
/ Engineering
By

Microsoft Azure is a cloud computing platform that provides scalable infrastructure, storage, networking, identity management, and security services. Organizations use Azure to host critical workloads, manage enterprise applications, and support hybrid and cloud-native environments. At the core of Microsoft Azure identity infrastructure is Microsoft Entra ID, which manages identities, authentication, and access to cloud resources. […]

Read more
Managing shadow IT with Wazuh

Managing shadow IT with Wazuh

Post icon
/ Engineering
By

Shadow IT refers to technology resources, including hardware, software, services, and user accounts, used without the approval or oversight of IT and security teams. This can include remote access tools, cloud storage applications, AI tools, peer-to-peer clients, cryptocurrency miners, unsanctioned SaaS services, cracked software, and other unauthorized technologies. These unauthorized resources create visibility gaps because […]

Read more
Threat hunting with Agentic AI and Wazuh

Threat hunting with Agentic AI and Wazuh

Post icon
/ Engineering
By

Security Operations Centers face an escalating challenge in managing the high volume of alerts that require manual triage and verification. Each security event requires analysts to identify associated processes, network connections, file modifications, and actions performed in monitored environments. This time-consuming process becomes increasingly unsustainable as log volumes grow, creating correlation bottlenecks that delay incident […]

Read more
Monitoring MongoDB Atlas with Wazuh

Monitoring MongoDB Atlas with Wazuh

Post icon
/ Engineering
By

MongoDB Atlas is a fully managed, cloud-native database service that provides scalable and flexible document-oriented data storage. Built on the popular MongoDB engine, it enables organizations to deploy, operate, and scale databases across multiple cloud providers with minimal operational overhead. MongoDB Atlas supports high-performance workloads, real-time analytics, and modern application development. It is often used […]

Read more
Enforcing secure forensic archive with Wazuh and Shuffle

Enforcing secure forensic archive with Wazuh and Shuffle

Post icon
/ Engineering
By

Secure forensic archiving protects security evidence from tampering, enabling reliable forensic analysis, compliance validation, and incident response. Evidence can lose value if it is altered, deleted, or improperly stored.  Wazuh provides real-time threat detection, log analysis, and alerting across cloud and on-premises environments. When integrated with Shuffle, an open source SOAR platform, organizations can automate […]

Read more
Detecting DNS spoofing attacks with Wazuh

Detecting DNS spoofing attacks with Wazuh

Post icon
/ Engineering
By

DNS spoofing involves forging DNS responses to redirect traffic to malicious IP addresses, often through cache poisoning, Man-in-the-Middle (MITM) attacks, or local file tampering. Detecting DNS spoofing involves monitoring for unauthorized DNS record changes, unexpected IP address redirections, and SSL/TLS certificate warnings. Key detection methods include utilizing DNSSEC to verify data authenticity, analyzing traffic, and […]

Read more
Wazuh integration with Shuffle

Wazuh integration with Shuffle

Post icon
/ Engineering
By

Security automation refers to the use of technology to automatically handle security tasks, processes, and workflows with minimal human intervention. These tasks include detecting threats, triaging alerts, responding to incidents, remediating vulnerabilities, and more. Automating repetitive and time-consuming tasks allows security teams to reduce response times, minimize human error, and focus on more complex strategic […]

Read more
Detecting Kubernetes attacks with Wazuh

Detecting Kubernetes attacks with Wazuh

Post icon
/ Engineering
By

Kubernetes is an open source container orchestration platform that manages applications through a centralized API-driven control plane. Most operations in a Kubernetes cluster are performed via the Kubernetes API and are typically governed by RBAC or other authorization mechanisms. Misconfigured permissions or exposed credentials can allow attackers to interact directly with the Kubernetes API server. […]

Read more
Detecting Kubernetes misconfigurations with KubeLinter and Wazuh

Detecting Kubernetes misconfigurations with KubeLinter and Wazuh

Post icon
/ Engineering
By

Kubernetes misconfigurations introduce security risks in containerized environments. Containers running in privileged mode, workloads without CPU or memory limits, and workloads that run as root are common mistakes that can lead to privilege escalation, node compromise, or denial-of-service conditions. These issues are often introduced during development and remain undetected until deployment, making early detection important. […]

Read more
Detecting and responding to BQTLock ransomware with Wazuh

Detecting and responding to BQTLock ransomware with Wazuh

Post icon
/ Engineering
By

BQTLock is a .NET-based ransomware that targets Windows environments and employs a hybrid encryption approach combining AES-256 and RSA-4096, marking encrypted files with .bqtlock extension. It operates under a Ransomware‑as‑a‑Service (RaaS) model, which lowers the barrier to entry for attackers and accelerates its spread across industries. BQTLock operators typically favor targeted intrusions over random infections, […]

Read more
Keep up to date
with our digest of articles